| Summary: | 碩士 === 國立中興大學 === 應用數學系 === 91 === In order to provide an environment for convenient network access, it is necessary to allow network connections without rigid restrictions. However, a loosely restricted connection to the public access networks (PANs) could easily suffer from malicious attacks. A department local area network (DLAN) in a campus environment meets the features of PAN. We take the DLAN as a special PAN and deal with the management issues from the perspective of a system manager.
Functions of DLAN management include invasion detection, appropriate IP usage, traffic monitoring, and proper system configuration. We physically divide DLAN into a firewall system and four functional clusters: open area, public servers group, proprietary servers group, and management group. In our study, a checkpoint scheme based upon firewall technology is constructed to protect the DLAN from intrusions. An IP-MAC mapping technique is also proposed to prevent IP addresses from misusing. The traffic, both incoming and outgoing, of each internal user is also monitored. Configuration of devices and systems is controlled by Simple Network Management Protocol (SNMP) operations.
|
|---|
